Tag Archives: hacking

Securing software from potential attacks is important business. Google is putting its money where its mouth is and is willing to give away a combined $2.7 million (“$2.71828 million, which is a reference to the mathematical constant e, a concept that’s important to know when writing algorithms.”) for hackers to find exploits in either the HP Chromebook 11 or the Acer C720 Chromebook. As part of a contest called “Pwnium” in March, anyone with decent hacking abilities will be given between $110,000 and $150,000 for successful hacks, which have to be executed through a web page. The hacks that remain even after the laptop is rebooted will get the larger bounties. There will also be bonuses for “clever hacks”.

“Pwnium is to be held at the CanSecWest security conference in Vancouver, Canada. To register for the contest, hackers can email Google at [email protected] The deadline to register is 5 p.m. PST on March 10.”

This is some scary stuff. Apparently, in a presentation at the BreakPoint security conference in Melbourne, IOActive researcher Barnaby Jack discussed a vulnerability in a brand of pacemaker that could be used to deliver fatal shocks to their wearer’s hearts. It seems this as-yet-unspecified brand of pacemaker contains a secret wireless backdoor that could be accessed by hackers up to 30 feet away, and which would allow them to either kill immediately or (perhaps more alarmingly) reprogram the pacemaker to turn it into an autonomous source of infection. The wearer could go then around, unknowingly “infecting” other patients and spreading the virus to the population, making them vulnerable to lethal attacks at any moment.

It is indeed a scary situation but is fortunately not one that is necessarily imminent. Barnaby’s type of “white hat” hacking is meant to raise awareness and potentially lead to tighter software security among manufacturers. He hasn’t released any details that would allow less scrupulous people from exploiting this vulnerability, though there’s no mention if the manufacturer in question has rectified the situation yet.

Well, if you’re the nerdy type, who likes his hacks, the blink(1) should make you smile. It plugs into any computer’s free USB ports and works as a fully programmable indicator of… anything you want.

Do you want to know if a friend has signed onto Skype, but don’t want a window popping up every time anyone has logged on? Do you want to be notified when a long download has finished? Do you want to know the snow conditions at Tahoe without checking every hour? Do you want to make a “busy” light for your office that glows red when your calendar says you’re in a meeting?

You can do all four at once: you can simultaneously control as many blink(1)s as you have USB ports. Have a 36-port USB hub? You can fill it with 36 blink(1)s, each of which is showing a different piece of information.

You could conceivably end up with one heck of a nerdy Christmas tree, with lights going on and off at anytime anything happens. It’s… kind of cool. And it’s $30 for one, on a fully funded Kickstarter project.

The newer generations of BMW’s have keys that would appear to make theft pretty hard to accomplish. There’s really no way to start the car without them, and since they’re encoded right at the dealership (with blanks sent over from Germany), no one but you has access to them. The encryption is strong, so they can’t be hacked… and yet… Turns out that some enterprising thieves have found a way to steal a new BMW in less than 90 seconds. The ways this is done is by purchasing a key encoder, which is sold on the black market in some parts of Europe for $8,000 or thereabouts. They then smash the driver’s side window and attach this encoder from the outside to the ODB-II port, which is not password protected. It appears that the cars’ alarm system has a blind spot right in front of the ODB-II port, so sticking your arm inside doesn’t seem to trigger anything. From there it’s just a matter of programming a blank (which the miscreants also appear to be able to acquire, although an old fob can also be reprogrammed) and leaving with the car, making use of their newly minted keyfob. This seems to affect every BMW, from the 1-series to the X6.

BMW’s official response? “Yeah, we know about this. And guess what, it’s a problem all premium, luxury cars face. (Not in those actual words.)” So, uh, looks like BMW won’t do much for you. Maybe keep a dog next to your car at night?

Anyway, hit the jump for a video of a car being stolen using this method, and another of a key being programmed with one of the illicit encoders.

Yeah, so the iPhone 4S came out a while ago and aside from a faster processor, everyone was pointing to Siri as being the only real improvement over the iPhone 4. Of course, Siri is software and it didn’t take long until hackers figured out how to port Siri over to the previous generation device. That early port was rather useless since the real processing and the brains behind Siri take place on Apple’s servers; these servers only talked to Siri requests coming from an iPhone 4S and nothing else. But now there’s a new port out that has succeeded in getting Apple’s servers talking to other devices. So yeah, Siri obviously works outside of the 4S.

That’s nice to know. Except we can’t get our hands on this yet since whoever developed this has decided not to release the port. It was more of a proof of concept.

Fear not Internauts, this is the interconnected tubes and it’s only a matter of time until others walk in these footprints and take away the most and only compelling reason to upgrade from an iPhone 4.

The addition of a touch screen has made the Nintendo DS a very popular console for the homebrew and ‘hacking’ community, and the creators of the DS brut have made things even easier for would be tinkerers with their DS Bluetooth Adapter. The Slot-1 compatible cart allows the DS to communicate with other devices like GPS receivers, expanding its capabilities, and its hardware schematics and software library is all open source if you’d like to build your own. (I’m pretty sure pre-assembled units are not actually available for sale.)

Almost two years in the making, we’re happy to finally release our DS Bluetooth adapter. The tiny Slot-1 cartridge allows you to hook up the Nintendo DS wirelessly with other devices such as GPS-receivers, robots and so forth. Today we’re making all materials of the project openly available, including the schematics and a GPL-licensed software library for the Nintendo DS, because we believe in open hardware design and want to encourage collaboration in the hardware hacking community.

Months ago I had heard that the modern versions of pacemakers were susceptible to hacker attacks. Modern pacemakers can be modified by doctors using a special remote device that can change the beats per minute of the patient’s heart among other things. This allows patients to undergo fewer operations for adjustments.

The remote nature of the new pacemakers make them possible targets for hackers. At best, the remote attacks would merely steal patient information stored in the pacemaker. At worst it could be tampered with to kill the patient. Millions of people depend on pacemakers to keep their heart beating so the medical community is taking this threat very seriously.

The proposed cloaking device would be an external attachment that the pacemaker owner would wear and would resemble a medic-alert bracelet. The cloaking device would prevent remote access to the pacemaker(and other implanted medical devices). If the person with the pacemaker ever did have trouble the on-site doctor could remove the cloaker and modify the pacemaker as needed.

OhGizmo! is a frequently updated blog that focuses on covering items that will appeal to a very specific and often very passionate audience: the geek. Aside from the fare of innovative consumer electronic products, the reader can expect to find news about geek culture, absurd inventions, awe inspiring technology, and an ever growing assortment of articles that we like to think fit within our view of what we’re calling the Geek Lifestyle.